Message-Id: <D57QMS2B7KBS.2AR64O934IY0G@kernel.org>
Date: Mon, 28 Oct 2024 22:56:35 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Stefan Berger" <stefanb@...ux.ibm.com>,
 <linux-integrity@...r.kernel.org>, "Peter Huewe" <peterhuewe@....de>,
 "Jason Gunthorpe" <jgg@...pe.ca>
Cc: <linux-kernel@...r.kernel.org>, "David Howells" <dhowells@...hat.com>,
 "James Bottomley" <James.Bottomley@...senPartnership.com>, "Mimi Zohar"
 <zohar@...ux.ibm.com>, "Roberto Sassu" <roberto.sassu@...wei.com>, "Paul
 Moore" <paul@...l-moore.com>, "James Morris" <jmorris@...ei.org>, "Serge E.
 Hallyn" <serge@...lyn.com>, "Dmitry Kasatkin" <dmitry.kasatkin@...il.com>,
 "Eric Snowberg" <eric.snowberg@...cle.com>, "open list:KEYS-TRUSTED"
 <keyrings@...r.kernel.org>, "open list:SECURITY SUBSYSTEM"
 <linux-security-module@...r.kernel.org>, "Pengyu Ma" <mapengyu@...il.com>,
 <stable@...r.kernel.org>
Subject: Re: [PATCH v8 3/3] tpm: Lazily flush the auth session

On Mon Oct 28, 2024 at 7:52 PM EET, Stefan Berger wrote:
>
> On 10/28/24 1:50 AM, Jarkko Sakkinen wrote:
> > Move the allocation of chip->auth to tpm2_start_auth_session() so that this
> > field can be used as a flag to tell whether the auth session is active or not.
> > 
> > Instead of flushing and reloading the auth session for every transaction
> > separately, keep the session open unless /dev/tpm0 is used.
> > 
> > Reported-by: Pengyu Ma <mapengyu@...il.com>
> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219229
> > Cc: stable@...r.kernel.org # v6.10+
> > Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()")
> > Tested-by: Pengyu Ma <mapengyu@...il.com>
> > Signed-off-by: Jarkko Sakkinen <jarkko@...nel.org>
>
> Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>
> Tested-by: Stefan Berger <stefanb@...ux.ibm.com>

Thanks!

Next after this: tpm2_get_random() issues reported.

I think the biggest problem with that in general, and independent of bugs,
is that it does not pool random but instead pulls random small chunks.
This is more like a performance issue exposed by bus encryption than
introducing a new issue (not formally, but with a better implementation
it would not necessarily be a problem).

BR, Jarkko
